Elasticsearch | Marketplace

Details
Content
Dependencies
Version History

Search for and analyze data in real time. Supports version 6 and later.

Elasticsearch is the distributed search and analytics engine at the heart of the Elastic Stack and where the indexing, search, and analysis magic happens.
Elasticsearch offers speed and flexibility to handle data in a wide variety of use cases.

What does this pack do?

This pack provides an integration with the Elasticsearch API and allows you to

Query Elasticsearch instances using DSL, EQL and Lucene syntaxes.
Search an index in Elasticsearch
Index a document into an Elastisearch index.

In addition, you can fetch incidents with predefined query.

Pack Contributors:

Joel Cuter

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

What does this pack do?

This pack provides an integration with the Elasticsearch API and allows you to

Query Elasticsearch instances using DSL, EQL and Lucene syntaxes.
Search an index in Elasticsearch
Index a document into an Elastisearch index.

In addition, you can fetch incidents with predefined query.

Pack Contributors:

Joel Cuter

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

Classifiers

Name	Description
Elasticsearch - Incoming Mapper

Incident Fields

Name	Description
Elasticsearch index
Elasticsearch Host
Elasticsearch Event info
Elasticsearch Source
Elasticsearch Machine
Elasticsearch Timestamp

Incident Types

Name	Description
Elasticsearch

Integrations

Name	Description
Elasticsearch v2	Search for and analyze data in real time. Supports version 6 and later.

Classifiers

Name	Description
Elasticsearch - Incoming Mapper

Incident Fields

Name	Description
Elasticsearch Host
Elasticsearch index
Elasticsearch Machine
Elasticsearch Timestamp
Elasticsearch Event info
Elasticsearch Source

Incident Types

Name	Description
Elasticsearch

Integrations

Name	Description
Elasticsearch v2	Search for and analyze data in real time. Supports version 6 and later.

Pack Name	Pack By
Base	By: Cortex XSOAR

Pack Name	Pack By
Common Types	By: Cortex XSOAR

Pack Name	Pack By
Base	By: Cortex XSOAR

1.3.23 - 1609112 (November 7, 2024)

Integrations

Elasticsearch v2

Added support for Elasticsearch server version 8.
Added the es-get-indices-statistics command which gets information and statistics of all the existing indices.
Updated the Docker image to: demisto/elasticsearch:1.0.0.115427.

Related pull requests:
- 34872

Download

1.3.22 - R1340401 (September 3, 2024)

Integrations

Elasticsearch v2

Added support for providing a dot-notated value for the Index time field parameter.

Related pull requests:
- 34094

Download

1.3.21 - 927547 (April 1, 2024)

Integrations

Elasticsearch v2

Documentation and metadata improvements.

Related pull requests:
- 33695

Download

1.3.20 - 839519 (February 20, 2024)

Integrations

Elasticsearch v2

Updated the Docker image to: demisto/elasticsearch:1.0.0.87483.

Related pull requests:
- 32995

Download

1.3.19 - 781077 (January 23, 2024)

Integrations

Elasticsearch v2

Fixed an issue where the test button would timeout when executing a test.
Added the es-integration_health_check command to check the health of the integration.

Related pull requests:
- 32360

Download

1.3.18 - R7190203 (December 17, 2023)

Integrations

Elasticsearch v2

Updated the Docker image to: demisto/elasticsearch:1.0.0.77444.

Related pull requests:
- 30183

Download

1.3.17 - R6592021 (October 13, 2023)

Integrations

Elasticsearch v2

Added the command es-index to ingest documents into an Elasticsearch index.
Updated the Docker image to: demisto/py3-tools:1.0.0.76737.

Related pull requests:
- 29919
- 29786

Download

1.3.16 - 6234071 (September 4, 2023)

Integrations

Elasticsearch v2

Fixed an issue where fetch incidents stopped fetching events due to an incorrect datetime format.
Updated the Docker image to: demisto/py3-tools:1.0.0.72621.

Related pull requests:
- 29421

Download

1.3.15 - R6194926 (August 30, 2023)

Integrations

Elasticsearch v2

Updated the Docker image to: demisto/py3-tools:1.0.0.72311.
Updated the default datetime format to YYYY-MM-DDTHH:mm:ss.SSSZ. (Elasticsearch standard).
Fixed an issue where an index regex was set in the index parameter. From now on it will take the custom format from the first index.

Related pull requests:
- 29207
- 29324

Download

1.3.14 - 6106826 (August 21, 2023)

Integrations

Elasticsearch v2

Updated the Docker image to: demisto/py3-tools:1.0.0.71964.
Updated the default Time field type integration parameter to Timestamp-Milliseconds.

Related pull requests:
- 29042

Download

1.3.13 - 6010750 (August 10, 2023)

Integrations

Elasticsearch v2

Updated the Docker image to: demisto/py3-tools:1.0.0.68557.
Fixed an issue where search command would fail on fields with custom date time format.

Related pull requests:
- 28456

Download

1.3.12 - R5866730 (July 25, 2023)

Integrations

Elasticsearch v2

Note: Organized the the integrations' parameters by sections. Relevant for XSIAM and XSOAR 8.1 and above.

Related pull requests:
- 23711

Download

1.3.11 - 4401483 (January 15, 2023)

Integrations

Elasticsearch v2

Fixed an issue where in the search and es-search commands, the page and size arguments were ignored when using the query_dsl argument.
Added support to run any query_dsl in the search and es-search commands.
Added the aggregations key to the context of the search and es-search commands.
Updated the Docker image to: demisto/py3-tools:1.0.0.44868.

Related pull requests:
- 23597

Download

1.3.10 - R4372591 (January 11, 2023)

Integrations

Elasticsearch v2

Fixed an issue where in the search and es-search commands the index argument was ignored when using query_dsl argument.
Updated the Docker image to: demisto/py3-tools:1.0.0.42928.

Related pull requests:
- 23271

Download

1.3.9 - 4265201 (December 22, 2022)

Integrations

Elasticsearch v2

Updated the Docker image to: demisto/py3-tools:1.0.0.41700.

Related pull requests:
- 23212

Download

1.3.8 - 4172596 (December 8, 2022)

Integrations

Elasticsearch v2

Updated the Docker image to: demisto/py3-tools:1.0.0.40313.

Related pull requests:
- 22743

Download

1.3.7 - 4158369 (December 6, 2022)

Integrations

Elasticsearch v2

Fixed an issue where the search and es-search commands did not take the timestamp_range_start and timestamp_range_start arguments into account when performing the search filter.
Updated the Docker image to: demisto/py3-tools:1.0.0.40085.

Related pull requests:
- 22652

Download

1.3.6 - 4105702 (November 26, 2022)

Integrations

Elasticsearch v2

Updated the Docker image to: demisto/py3-tools:1.0.0.38394.

Related pull requests:
- 22483

Download

1.3.5 - 4013107 (November 10, 2022)

Integrations

Elasticsearch v2

Updated the Docker image to: demisto/py3-tools:1.0.0.37249.

Related pull requests:
- 22141

Download

1.3.4 - 3921089 (October 26, 2022)

Integrations

Elasticsearch v2

Added support for wildcard indices in get-mapping-fields command.
Updated the Docker image to demisto/py3-tools:1.0.0.36436.

Related pull requests:
- 21264

Download

1.3.3 - 3818129 (October 11, 2022)

Integrations

Elasticsearch v2

Documentation and metadata improvements.

Related pull requests:
- 21623

Download

1.3.2 - 3769974 (October 2, 2022)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 21557

Download

1.3.1 - 3649843 (September 13, 2022)

Integrations

Elasticsearch v2

Updated the Docker image to: demisto/py3-tools:1.0.0.33659.

Related pull requests:
- 21043

Download

1.3.0 - R3556969 (August 29, 2022)

Incident Fields

Elasticsearch Event info
Elasticsearch Host
Elasticsearch Machine
Elasticsearch Source
Elasticsearch Timestamp
Elasticsearch index

Incident Types

ElasticSearch

Integrations

Elasticsearch v2

Added support for viewing the IDs of the fetched messages in the Source IDs column of the fetch history modal (supported in XSOAR version 6.8.0 and above).
Updated the Docker image to: demisto/py3-tools:1.0.0.32758.
Added the following parameters:
- Raw Query
- Query Time Range
Added the following arguments to the es-search command:
- query_dsl
- timestamp_range_start
- timestamp_range_end

Related pull requests:
- 20310

Download

1.2.14 - 3204921 (July 5, 2022)

Integrations

Elasticsearch v2

Updated the Docker image to: demisto/py3-tools:1.0.0.31193.

Related pull requests:
- 19889

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	July 20, 2020
Last Release	November 7, 2024

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.